CVE-2006-1039
SAP Web Application Server - HTTP Response Injection via Encoded Headers
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1039. PoCs published by Arnold Grossmann.
AI-analyzed exploit summary: This exploit demonstrates an HTTP response-splitting vulnerability in SAP Web Application Server by injecting malformed HTTP headers via user-supplied input. The attack manipulates the server's response to misrepresent content, potentially aiding in phishing or cache poisoning.
Description
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.